Win32_LogicalFileAuditing class
The Win32_LogicalFileAuditing association WMI class relates the security settings of a file or directory and one member of its system access control list (SACL). You cannot enumerate this class.
The following syntax is simplified from Managed Object Format (MOF) code and includes all of the inherited properties.
Syntax
[Dynamic, Provider("SECRCW32"), UUID("{FCC86599-DB20-11d2-85FC-0000F8102E5F}"), AMENDMENT]
class Win32_LogicalFileAuditing : Win32_SecuritySettingAuditing
{
uint32 AuditedAccessMask;
string GuidInheritedObjectType;
string GuidObjectType;
uint32 Inheritance;
uint32 Type;
Win32_LogicalFileSecuritySetting REF SecuritySetting;
Win32_SID REF Trustee;
};
Members
The Win32_LogicalFileAuditing class has these types of members:
Properties
The Win32_LogicalFileAuditing class has these properties.
-
AuditedAccessMask
-
-
Data type: uint32
-
Access type: Read-only
Bit flags specifying what activities are audited.
This property is inherited from Win32_SecuritySettingAuditing.
-
-
FILE_LIST_DIRECTORY (0)
-
Grants the right to read data from the file. For a directory, this value grants the right to list the contents of the directory.
-
FILE_ADD_FILE (1)
-
Grants the right to write data to the file. For a directory, this value grants the right to create a file in the directory.
-
FILE_ADD_SUBDIRECTORY (2)
-
Grants the right to append data to the file. For a directory, this value grants the right to create a subdirectory.
-
FILE_READ_EA (3)
-
Grants the right to read extended attributes.
-
FILE_WRITE_EA (4)
-
Grants the right to write extended attributes.
-
FILE_TRAVERSE (5)
-
Grants the right to execute a file. For a directory, the directory can be traversed.
-
FILE_DELETE_CHILD (6)
-
Grants the right to delete a directory and all of the files it contains (its children), even if the files are read-only.
-
FILE_READ_ATTRIBUTES (7)
-
Grants the right to read file attributes.
-
FILE_WRITE_ATTRIBUTES (8)
-
Grants the right to change file attributes.
-
DELETE (16)
-
Grants delete access.
-
READ_CONTROL (17)
-
Grants read access to the security descriptor and owner.
-
WRITE_DAC (18)
-
Grants write access to the discretionary access control list (DACL).
-
WRITE_OWNER (19)
-
Assigns the write owner.
-
SYNCHRONIZE (20)
-
Synchronizes access and allows a process to wait for an object to enter the signaled state.
GuidInheritedObjectType
-
Data type: string
-
Access type: Read-only
GUID of the type of object from which this object inherits.
This property is inherited from Win32_SecuritySettingAuditing.
GuidObjectType
-
Data type: string
-
Access type: Read-only
GUID of the type of object to which the security settings are applied.
This property is inherited from Win32_SecuritySettingAuditing.
Inheritance
-
Data type: uint32
-
Access type: Read-only
Bit flags specifying how the audit policies are inherited.
This property is inherited from Win32_SecuritySettingAuditing.
SecuritySetting
-
Data type: Win32_LogicalFileSecuritySetting
-
Access type: Read-only
-
Qualifiers: Override ("SecuritySetting")
Reference to the instance representing the security settings of the file or directory object. This property cannot be enumerated.
Trustee
-
Data type: Win32_SID
-
Access type: Read-only
-
Qualifiers: Override ("Trustee")
Reference to the instance representing the entry on the object's SACL.
Type
-
Data type: uint32
-
Access type: Read-only
Type of access specified for the trustee.
This property is inherited from Win32_SecuritySettingAuditing.
Audit success (0)
Audit failure (1)
Remarks
The Win32_LogicalFileAuditing class is derived from Win32_SecuritySettingAuditing.
Requirements
| Minimum supported client |
Windows Vista |
| Minimum supported server |
Windows Server 2008 |
| Namespace |
Root\CIMV2 |
| MOF |
|
| DLL |
|